419 on paper

The first 419 letter I ever saw was on paper.  It was back in about 1995, before scammers discovered email.  And it wasn’t even addressed to me: the lucky recipient of Nigerian millions was the owner of a bar in Rome.  He showed it to me because it was in English, and he thought that I as a native speaker (as well as a regular customer in his bar) might have some insight.  I didn’t: my puzzlement matched his own, and the thoroughly international word mafia suggested itself as an explanation.

Today in the post I had an envelope postmarked Malaga.  That’s a traditional holiday destination for Brits, so I wondered who the **** might be there and sending me … not merely a postcard, but a letter.  Opening it, turns out I’ve won a nice big share of a prize, from a lottery I (of course) never entered.  Yeah, right.

It’s actually a bloody good “nothing to lose” offer.  It’s not asking for sensitive information beyond what we all routinely disclose to strangers, e.g. when we make someone a payment.  The most likely-looking catch is that there’s a 10% agents fee, payable only after I’ve cashed their cheque.  Looks like an interesting timing issue, for their cheque to bounce after mine has irrevocably cleared.

I guess if I didn’t have the spam filter, I’d be reading the same thing many times a day.  But on paper it’s still a bit of a novelty.

Missing HMRC CDs

Here’s a thought.

Did those lost CDs with details of 25 million people ever really exist? It’s now reported that the delivery company TNT denies any knowledge of them.

Plausible scenario: someone was asked to produce the data, but couldn’t or didn’t, perhaps for reasons outside their control like not having access to it. Under pressure, and expecting it soon to be sorted, someone told a harmless little white lie (as it seemed to them at the time) about it being in the post. Things then escalated from there.

Any Dilbert reader should have no trouble filling in details.

Open source farming

The Beeb’s early morning farming program[1] today featured a finalist in their “farmer of the year” media event. Today’s finalist is someone who makes a business growing herbs in Scotland, and I found it genuinely interesting.

The Beeb’s farming coverage is mostly in the vanguard of the propaganda effort telling us that farmers are good but hard done by, and supermarkets (especially Tescos, the biggest and most successful) are evil. Today’s herb grower is a clear exception: he’s spent twenty years not whinging, but building a successful business instead. His biggest customer is Tescos, but rather than tow the usual BBC line, he explained that they shared the common goal of selling fresh herbs to consumers, to everyone’s benefit.

That positive attitude to cooperative marketing will look familiar to open sourcers, but doesn’t of itself make an open source style of business. What provoked me into blogging was the additional information that this farmer has spent a lot of time travelling the world in search of best practice and ideas, and shares them freely with whomsoever is interested. That sounds like a genuinely open source style of business model.

[1] no link – the website is wrong: either it’s featuring another day’s (week’s?) program, or they changed their minds. UPDATE – this link now works, but will probably change again.

MSDN Update

Several weeks ago I blogged about MSDN:

“I have recently received email from Microsoft. They’ve given me an MSDN subscription number, which works to log me on to their site. A bunch of MS developer resources are apparently in the post.”

“In the post” was evidently optimistic, and earlier this week I pinged wrowe (our MS contact at Apache) about whether to expect anything. He and others on IRC told me all you get is a membership card, from which I concluded that I’m not missing out on anything.

Now almost as if someone was listening, I’ve finally received the envelope. In addition to a silly card, it contains a little glossy booklet, whose potentially-useful contents are basically a bunch of URLs and contact details, a list of MS products covered by MSDN subscription. A section entitled “Licensing” claims to be “for information purposes only”, from which I infer it clarifies nothing about whether there are areas of MSDN into which it would be seriously unwise to wander.

Another section refers to “Your First Shipment”, which will include “a complete set of discs[1] in a binder”, which is also kind-of what the initial email hinted at. Going by what I’ve heard to date, I have no expectation of any such shipment. That leaves me with a bootstrap problem: I have hitherto:

• A licensed copy of Windows XP, that was bundled with my now-dead Dell laptop, and older windows versions.
• A windows partition on my current desktop, installed from the Dell CD after the laptop died.
• No Internet connectivity from Windows, because it doesn’t seem able to find my current networking hardware.

In general that’s fine by me: I find the idea of exposing windows to the perils of the ‘net pretty terrifying. But there are a few times when one needs it, and bootstrapping MSDN seems like a critical instance thereof. Guess I’ll just have to google for where I can download the relevant driver to get online.

[1] Yes, it uses the English spelling of discs!

Good on ya, Oz

(excuse the cliché!)

To my aussie friends and colleagues,

I don’t follow aussie politics, and I don’t know what you’ve just elected. But good on ya for throwing out the dinosaur Howard: that’s certainly something you and the world needed!

Relying on Identity

Yesterday’s news: Government agency loses sensitive data on 25 million people. Not encrypted. Head of agency resigns. El Reg reports something interesting has popped up on ebay.

Meeja gasp in astonishment: how could they? That’s half the country exposed to identity theft and fraud in a single incident. Shock, horror!

But the reality is that this kind of ‘accident’ is becoming a regular event. OK, 25 million at once is not the norm, but losses of six-figure numbers of such records are being reported every few weeks. The culprits are household names, like banks and government agencies. How many such incidents go unreported is unknown. Nor do we know whether this is anything new: what has changed recently is that such losses suddenly became sensitive.

Furthermore, a lot of personal information can be obtained legitimately and cheaply. There are companies who make a business of tracing holders of assets. I’ve recently been contacted by one such about some bonus-shares from one of the Thatcher privatisations, and registered to me at an address I’ve had no connection with since about 1990. My shares are apparently worth about £200, and their finders fee – if I choose to use their service – would be about £20. The fact they can run a business based on that kind of thing demonstrates just how easy it is to trace people!

Conclusion: this is something we’re going to have to live with.

So, how do we live with it? Indeed, why is it a problem in the first place? The idea that we should carefully guard our own personal information is new to those of us with nothing to hide: for example, it’s not so long ago I published my home address on my homepage on the ‘net. Some countries have different attitudes to privacy, and consider some of the information we jealously guard to be public.

The basic problem, as we hear it reported, is one of fraud:

Ring, Ring.

“Hello, this is Gordon Brown, of 10, Downing Street, SW1. I’d like a £50K loan for a flashy new car.”

“Yes Mr Brown. Your credit rating says that’ll be fine. We’ll need you to answer a couple of personal questions so we know it’s really you. What is your mother’s maiden name?”

[… cut …]

“OK, that’s all in order. When do you need the money?”

“Immediately, please. And since I’m away from home until the end of next week, can you send it to me c/o the Mended Drum, Ankh Morpork?”

“Yes sir, that will be fine.”

Apparently that kind of thing really does happen. Enumerating the problems with it is left as an exercise for the reader.

It seems to me that the fundamental problem is not really who has access to information, but rather why do we allow basic, widely available or low-security information to be so profitable? It all smells of the race to the bottom, wherein companies put generating new business and market share above the quality, and in this case security, of that business.

The exception to that is tokens such as passwords and PIN numbers, and how to use strong ones, use them securely, remember them, and not re-use the same tokens for multiple different purposes. Public-key technology can indeed solve that (and without the need for a massive central identity database), but that’s another topic.

Credit Coincidence?

We’re supposed to be in a time of reduced financial liquidity.  A “credit crunch”.  A shortage of money.

So is it just coincidence that I’ve had a sudden flurry of junkmail (the paper kind, that I can’t leave to the spam filter) inviting me to take out not only new credit cards, but also loans?

The credit card “offers” are a fairly steady stream, but seem to be increasing rather than decreasing.  But the loan “offers” have seen a definite and very substantial rise this autumn.  Lenders are evidently still anxious for me to borrow!

I wonder just how widespread this is.  I expect the merkins have got a share of the insanity, but is the rest of Europe in it too?

A taste of the grim past

When I lived in Sheffield in the early 1990s, it had become a very pleasant city. In fact it’s probably the nicest place I’ve lived and worked. But like many of England’s cities, it has a very different past, as a centre of large-scale heavy industry, under a regular pall of heavy smoke from a great forest of huge chimneys. Sheffield’s Kelham Island Industrial Museum brought the city’s grim past to life like no other: I think I found it more evocative even than seminal works of industrial Britain like Dickens’ Hard Times.

Now over the past couple of weeks, an echo of industrial-revolution hell has come to Tavistock. The road I live on runs in an east-north-east direction from the town centre, and up a hill. That’s precisely the direction of our prevailing wind[1]. There isn’t (usually) too much crap coming from the town centre, but it leaves me right in the path of it when someone a few doors down the hill burns coal. Because I’m above the level of their chimney, it billows throughout my flat: I expect the original occupants of the house would’ve gone downstairs at times like this, but that’s not an option since it was converted to flats. And it’s an inefficient domestic fire that belches out soot and carbon monoxide, and no doubt other nasties. Now it’s got to the stage of lingering: on Friday I returned home having been out for about two hours, and when I put my home-pullover[2] on, it smelt faintly of soot.

Sigh. Yet another reason to escape. Bah, Humbug.

[1] Hence why the “East End” of our cities is always the main area of poverty and slums – noone who could afford it wanted to live downwind of the city.

[2] Comfortable and once nice, but now far too tatty to be seen in outside the home. And I’m … erm … not known for my sartorial elegance at the best of times.

Chinese translation!

It seems my apache modules book is being translated into Chinese.  I’m not quite sure what that really means, given that there are many chinese variants spoken over such a huge country, not to mention diaspora.  But I guess it must be some reasonably universal mandarin, as English is to “the west”.

Anyway, my translator emailed, and asked if I’d like to contribute a preface for the chinese edition.  Well, I guess I can say something about how thrilled and excited I am to be translated for such an important market: surely the biggest and fastest-growing outside the english-speaking world.

With a bit of luck, this might correlate with an increase in activity and contributions coming back to Apache from China.  The language remains a barrier to free growth in the community, and I’ve no idea how much Apache community may already exist in China without announcing themselves to non-chinese-speakers.  Let us hope that where mod_fcgid (a popular, widely-used module from China) has led, others will follow.

Come full circle, get a grant

Today’s junk mail: not quite pure junk. The local bus company has done a rebranding exercise on the Plymouth-Tavistock route, and is leafleting the area about it. In with the junk was a new paper timetable, which I might use instead of traveline (at least until I inevitably lose it).

This particular route has always[1] had an excellent bus service: more like an urban route than a rural one. They’ve been up to 3 buses an hour at peak times, with an hourly evening service up to a last bus back at 23:45. According to the leaflets, that’s now rising to a peak of 4 per hour, with evening services remaining as before.

I had actually noticed the changes, though I didn’t know they were part of a full-blown rebranding exercise. The buses have got new colours (hideous in purple and pink). The timetables had clearly changed: I’d seen a bus at a time I knew no bus goes, and (suspecting a change in those I do use) checked the timetable.

Among the changes, a real improvement. Or rather, one particularly stupid change from a couple of years back undone. We’re back to only some of the buses faffing about in a tedious detour into Derriford Hospital. Now it’s fair that some buses should go there: people going to the region’s biggest hospital are likely to include some with mobility problems. But for any able-bodied person, it’s quicker to walk from the main route to/from the hospital than it is for the bus to make the tortuous detour through heavy traffic. And for the vast majority who have no interest in the hospital, that tedious delay is the biggest single reason not to use the bus!

Another reversal: we’ll again have some buses going Plymouth-Tavistock via the railway station. That could be a welcome change at the end of a long journey, but alas only during working hours, so I’m unlikely to get much use of it. It’s also a mixed blessing: when all the buses took the same route, one could always know where to catch the next one!

The other aspect of this is that they’ve got a grant for this re-branding exercise: three years of public funding. The lesson appears to be, gradually reduce the service until you get paid to restore it. Alas, the grant appears to have been absorbed by consultants and paint jobs: the fares (which are up 50% in the last 3 years) aren’t coming down. Maybe the drivers and mechanics are seeing some benefit, but I don’t expect it’s very much.

[1] For values of “always” exceeding my time in the area, since I returned from Italy to the UK in the late ’90s.